Gmail users hit by ViddyHo phishing chat attack

It's not been a good 24 hours for Gmail users. Having survived a blackout yesterday morning, fans of Google's email system have been the target of a phishing campaign spreading via the Google Talk chat system.

The unsolicited instant messages urge Gmail users to "check out this video" by clicking on a link via the TinyURL service. The link, however, directs users to a website called ViddyHo - which asks surfers to enter their Gmail usernames and passwords.

This is, of course, a classic attempt to phish credentials from the unwary. The hackers behind ViddyHo could use the credentials they have stolen via their site to break into accounts, grab identity information and impact your wallet.

Because people are more used to receiving suspicious communications via email than instant messaging chat sessions, there's a chance that some users may be more likely to fall into the trap.

If you were unfortunate enough to fall for this scam, make sure to change your Gmail password immediately. In fact, also change your passwords on any other site where you might be using the same password as on Gmail.

Potentially, a hacker who has grabbed your Gmail password could have accessed your entire address book and scooped up all of your correspondence - including information that you may have archived about other online accounts.

The message is simple. You should always be wary of clicking on unsolicited links and be extremely careful whenever a website asks you for a username and password.

TinyURL has now blacklisted the site, meaning that their link will no longer work. However, there is nothing to stop the hackers using other URL shortening sites or setting up alternative phishing sites to try and steal from the unwary.

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley